1. 首頁
  2. 問答
  3. 將值插入到mysql並將值從'0'設置爲'1'?

將值插入到mysql並將值從'0'設置爲'1'?

2013-02-01 105 views
0

我需要一些幫助,我的阻止用戶腳本。我試圖讓它插入值,然後將列從'0'設置爲'1'。將值插入到mysql並將值從'0'設置爲'1'?

它插入的值很好,我的意思是它插入user_id和blocked_id沒有prbolem,但它導致我語法錯誤,當我嘗試並讓它設置阻止從'0'到'1'。

誰能告訴我在哪裏,我去錯了,謝謝。

CODE:

<?php 

require_once('includes/session.php'); 
require_once('includes/functions.php'); 
require('includes/_config/connection.php'); 

session_start(); 

    confirm_logged_in(); 

    if (isset ($_GET['to'])) { 
    $user_to_id = $_GET['to']; 


} 


if (!isset($_GET['to'])) 
    exit('No user specified.'); 

$user_id = $_GET['to']; 




$result1 = mysql_query("INSERT INTO ptb_block_user (user_id, blocked_id) VALUES (".$_SESSION['user_id'].", ".$user_to_id.")") 

$result2 = mysql_query("SELECT ptb_block_user SET blocked='1' WHERE id=".$_SESSION['user_id']."") 


or $result3 = mysql_query("DELETE FROM ptb_block_user WHERE user_id = ".$_SESSION['user_id']." AND blocked_id = ".$user_to_id.""); header("Location: {$_SERVER['HTTP_REFERER']}"); 



if($result1) 
{ 
$_SESSION['message2']="<div class=\"infobox-profile\"><strong>User Blocked</strong> - This user has successfully been blocked. You will no longer be abler to interact with each other's profiles.</div><div class=\"infobox-close\"></div>"; 
header("Location: {$_SERVER['HTTP_REFERER']}"); 
} 
else 
if($result3) 
{ 
$_SESSION['message2']="<div class=\"infobox-favourites\"><strong>User Unblocked</strong> - This user has successfully been unblocked. You can now interact with each other's profiles.</div><div class=\"infobox-close4\"></div>"; 
header("Location: {$_SERVER['HTTP_REFERER']}"); 

} 
?>

來源

2013-02-01 James Arthur

+2

我看不出有任何代碼'0'遞增到'1',然而,我看到的代碼看起來SQL注入攻擊非常敏感。 – Madbreaks

+0

表中的字段可以有默認值0,他試圖更新字段爲1,但使用的選擇來代替。 –

回答

3 
$result2 = mysql_query("UPDATE ptb_block_user SET blocked='1' WHERE id=".$_SESSION['user_id']."")

使用 「更新」,而不是 「選擇」 改變一行。

來源

2013-02-01 00:21:22

相關問題

 相關問題